1 /******************************************************************************
3 Copyright(c) 2003 - 2005 Intel Corporation. All rights reserved.
5 This program is free software; you can redistribute it and/or modify it
6 under the terms of version 2 of the GNU General Public License as
7 published by the Free Software Foundation.
9 This program is distributed in the hope that it will be useful, but WITHOUT
10 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 You should have received a copy of the GNU General Public License along with
15 this program; if not, write to the Free Software Foundation, Inc., 59
16 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 The full GNU General Public License is included in this distribution in the
22 James P. Ketrenos <ipw2100-admin@linux.intel.com>
23 Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
25 ******************************************************************************/
26 #include <linux/compiler.h>
27 #include <linux/errno.h>
28 #include <linux/if_arp.h>
29 #include <linux/in6.h>
32 #include <linux/kernel.h>
33 #include <linux/module.h>
34 #include <linux/netdevice.h>
35 #include <linux/proc_fs.h>
36 #include <linux/skbuff.h>
37 #include <linux/slab.h>
38 #include <linux/tcp.h>
39 #include <linux/types.h>
40 #include <linux/wireless.h>
41 #include <linux/etherdevice.h>
42 #include <asm/uaccess.h>
44 #include <net/ieee80211.h>
50 ,-------------------------------------------------------------------.
51 Bytes | 2 | 2 | 6 | 6 | 6 | 2 | 0..2312 | 4 |
52 |------|------|---------|---------|---------|------|---------|------|
53 Desc. | ctrl | dura | DA/RA | TA | SA | Sequ | Frame | fcs |
54 | | tion | (BSSID) | | | ence | data | |
55 `--------------------------------------------------| |------'
56 Total: 28 non-data bytes `----.----'
58 .- 'Frame data' expands, if WEP enabled, to <----------'
61 ,-----------------------.
62 Bytes | 4 | 0-2296 | 4 |
63 |-----|-----------|-----|
64 Desc. | IV | Encrypted | ICV |
69 .- 'Encrypted Packet' expands to
72 ,---------------------------------------------------.
73 Bytes | 1 | 1 | 1 | 3 | 2 | 0-2304 |
74 |------|------|---------|----------|------|---------|
75 Desc. | SNAP | SNAP | Control |Eth Tunnel| Type | IP |
76 | DSAP | SSAP | | | | Packet |
77 | 0xAA | 0xAA |0x03 (UI)|0x00-00-F8| | |
78 `----------------------------------------------------
79 Total: 8 non-data bytes
81 802.3 Ethernet Data Frame
83 ,-----------------------------------------.
84 Bytes | 6 | 6 | 2 | Variable | 4 |
85 |-------|-------|------|-----------|------|
86 Desc. | Dest. | Source| Type | IP Packet | fcs |
88 `-----------------------------------------'
89 Total: 18 non-data bytes
91 In the event that fragmentation is required, the incoming payload is split into
92 N parts of size ieee->fts. The first fragment contains the SNAP header and the
93 remaining packets are just data.
95 If encryption is enabled, each fragment payload size is reduced by enough space
96 to add the prefix and postfix (IV and ICV totalling 8 bytes in the case of WEP)
97 So if you have 1500 bytes of payload with ieee->fts set to 500 without
98 encryption it will take 3 frames. With WEP it will take 4 frames as the
99 payload of each frame is reduced to 492 bytes.
105 * | ETHERNET HEADER ,-<-- PAYLOAD
106 * | | 14 bytes from skb->data
107 * | 2 bytes for Type --> ,T. | (sizeof ethhdr)
109 * |,-Dest.--. ,--Src.---. | | |
110 * | 6 bytes| | 6 bytes | | | |
113 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
116 * | | | | `T' <---- 2 bytes for Type
118 * | | '---SNAP--' <-------- 6 bytes for SNAP
120 * `-IV--' <-------------------- 4 bytes for IV (WEP)
126 static u8 P802_1H_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0xf8 };
127 static u8 RFC1042_OUI[P80211_OUI_LEN] = { 0x00, 0x00, 0x00 };
129 static int ieee80211_copy_snap(u8 * data, u16 h_proto)
131 struct ieee80211_snap_hdr *snap;
134 snap = (struct ieee80211_snap_hdr *)data;
139 if (h_proto == 0x8137 || h_proto == 0x80f3)
143 snap->oui[0] = oui[0];
144 snap->oui[1] = oui[1];
145 snap->oui[2] = oui[2];
147 *(u16 *) (data + SNAP_SIZE) = htons(h_proto);
149 return SNAP_SIZE + sizeof(u16);
152 static int ieee80211_encrypt_fragment(struct ieee80211_device *ieee,
153 struct sk_buff *frag, int hdr_len)
155 struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
161 /* To encrypt, frame format is:
162 * IV (4 bytes), clear payload (including SNAP), ICV (4 bytes) */
163 atomic_inc(&crypt->refcnt);
165 if (crypt->ops && crypt->ops->encrypt_mpdu)
166 res = crypt->ops->encrypt_mpdu(frag, hdr_len, crypt->priv);
168 atomic_dec(&crypt->refcnt);
170 printk(KERN_INFO "%s: Encryption failed: len=%d.\n",
171 ieee->dev->name, frag->len);
172 ieee->ieee_stats.tx_discards++;
179 void ieee80211_txb_free(struct ieee80211_txb *txb)
184 for (i = 0; i < txb->nr_frags; i++)
185 if (txb->fragments[i])
186 dev_kfree_skb_any(txb->fragments[i]);
190 static struct ieee80211_txb *ieee80211_alloc_txb(int nr_frags, int txb_size,
191 int headroom, gfp_t gfp_mask)
193 struct ieee80211_txb *txb;
195 txb = kmalloc(sizeof(struct ieee80211_txb) + (sizeof(u8 *) * nr_frags),
200 memset(txb, 0, sizeof(struct ieee80211_txb));
201 txb->nr_frags = nr_frags;
202 txb->frag_size = txb_size;
204 for (i = 0; i < nr_frags; i++) {
205 txb->fragments[i] = __dev_alloc_skb(txb_size + headroom,
207 if (unlikely(!txb->fragments[i])) {
211 skb_reserve(txb->fragments[i], headroom);
213 if (unlikely(i != nr_frags)) {
215 dev_kfree_skb_any(txb->fragments[i--]);
222 static int ieee80211_classify(struct sk_buff *skb)
227 eth = (struct ethhdr *)skb->data;
228 if (eth->h_proto != __constant_htons(ETH_P_IP))
232 switch (ip->tos & 0xfc) {
252 /* Incoming skb is converted to a txb which consists of
253 * a block of 802.11 fragment packets (stored as skbs) */
254 int ieee80211_xmit(struct sk_buff *skb, struct net_device *dev)
256 struct ieee80211_device *ieee = netdev_priv(dev);
257 struct ieee80211_txb *txb = NULL;
258 struct ieee80211_hdr_3addrqos *frag_hdr;
259 int i, bytes_per_frag, nr_frags, bytes_last_frag, frag_size,
262 struct net_device_stats *stats = &ieee->stats;
263 int ether_type, encrypt, host_encrypt, host_encrypt_msdu, host_build_iv;
264 int bytes, fc, hdr_len;
265 struct sk_buff *skb_frag;
266 struct ieee80211_hdr_3addrqos header = {/* Ensure zero initialized */
271 u8 dest[ETH_ALEN], src[ETH_ALEN];
272 struct ieee80211_crypt_data *crypt;
273 int priority = skb->priority;
276 if (ieee->is_queue_full && (*ieee->is_queue_full) (dev, priority))
277 return NETDEV_TX_BUSY;
279 spin_lock_irqsave(&ieee->lock, flags);
281 /* If there is no driver handler to take the TXB, dont' bother
283 if (!ieee->hard_start_xmit) {
284 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
288 if (unlikely(skb->len < SNAP_SIZE + sizeof(u16))) {
289 printk(KERN_WARNING "%s: skb too small (%d).\n",
290 ieee->dev->name, skb->len);
294 ether_type = ntohs(((struct ethhdr *)skb->data)->h_proto);
296 crypt = ieee->crypt[ieee->tx_keyidx];
298 encrypt = !(ether_type == ETH_P_PAE && ieee->ieee802_1x) &&
301 host_encrypt = ieee->host_encrypt && encrypt && crypt;
302 host_encrypt_msdu = ieee->host_encrypt_msdu && encrypt && crypt;
303 host_build_iv = ieee->host_build_iv && encrypt && crypt;
305 if (!encrypt && ieee->ieee802_1x &&
306 ieee->drop_unencrypted && ether_type != ETH_P_PAE) {
311 /* Save source and destination addresses */
312 memcpy(dest, skb->data, ETH_ALEN);
313 memcpy(src, skb->data + ETH_ALEN, ETH_ALEN);
315 if (host_encrypt || host_build_iv)
316 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA |
317 IEEE80211_FCTL_PROTECTED;
319 fc = IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA;
321 if (ieee->iw_mode == IW_MODE_INFRA) {
322 fc |= IEEE80211_FCTL_TODS;
323 /* To DS: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
324 memcpy(header.addr1, ieee->bssid, ETH_ALEN);
325 memcpy(header.addr2, src, ETH_ALEN);
326 memcpy(header.addr3, dest, ETH_ALEN);
327 } else if (ieee->iw_mode == IW_MODE_ADHOC) {
328 /* not From/To DS: Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
329 memcpy(header.addr1, dest, ETH_ALEN);
330 memcpy(header.addr2, src, ETH_ALEN);
331 memcpy(header.addr3, ieee->bssid, ETH_ALEN);
333 hdr_len = IEEE80211_3ADDR_LEN;
335 if (ieee->is_qos_active && ieee->is_qos_active(dev, skb)) {
336 fc |= IEEE80211_STYPE_QOS_DATA;
339 skb->priority = ieee80211_classify(skb);
340 header.qos_ctl |= cpu_to_le16(skb->priority & IEEE80211_QCTL_TID);
342 header.frame_ctl = cpu_to_le16(fc);
344 /* Advance the SKB to the start of the payload */
345 skb_pull(skb, sizeof(struct ethhdr));
347 /* Determine total amount of storage required for TXB packets */
348 bytes = skb->len + SNAP_SIZE + sizeof(u16);
350 /* Encrypt msdu first on the whole data packet. */
351 if ((host_encrypt || host_encrypt_msdu) &&
352 crypt && crypt->ops && crypt->ops->encrypt_msdu) {
354 int len = bytes + hdr_len + crypt->ops->extra_msdu_prefix_len +
355 crypt->ops->extra_msdu_postfix_len;
356 struct sk_buff *skb_new = dev_alloc_skb(len);
358 if (unlikely(!skb_new))
361 skb_reserve(skb_new, crypt->ops->extra_msdu_prefix_len);
362 memcpy(skb_put(skb_new, hdr_len), &header, hdr_len);
364 ieee80211_copy_snap(skb_put(skb_new, SNAP_SIZE + sizeof(u16)),
366 memcpy(skb_put(skb_new, skb->len), skb->data, skb->len);
367 res = crypt->ops->encrypt_msdu(skb_new, hdr_len, crypt->priv);
369 IEEE80211_ERROR("msdu encryption failed\n");
370 dev_kfree_skb_any(skb_new);
373 dev_kfree_skb_any(skb);
375 bytes += crypt->ops->extra_msdu_prefix_len +
376 crypt->ops->extra_msdu_postfix_len;
377 skb_pull(skb, hdr_len);
380 if (host_encrypt || ieee->host_open_frag) {
381 /* Determine fragmentation size based on destination (multicast
382 * and broadcast are not fragmented) */
383 if (is_multicast_ether_addr(dest) ||
384 is_broadcast_ether_addr(dest))
385 frag_size = MAX_FRAG_THRESHOLD;
387 frag_size = ieee->fts;
389 /* Determine amount of payload per fragment. Regardless of if
390 * this stack is providing the full 802.11 header, one will
391 * eventually be affixed to this fragment -- so we must account
392 * for it when determining the amount of payload space. */
393 bytes_per_frag = frag_size - hdr_len;
395 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
396 bytes_per_frag -= IEEE80211_FCS_LEN;
398 /* Each fragment may need to have room for encryptiong
401 bytes_per_frag -= crypt->ops->extra_mpdu_prefix_len +
402 crypt->ops->extra_mpdu_postfix_len;
404 /* Number of fragments is the total
405 * bytes_per_frag / payload_per_fragment */
406 nr_frags = bytes / bytes_per_frag;
407 bytes_last_frag = bytes % bytes_per_frag;
411 bytes_last_frag = bytes_per_frag;
414 bytes_per_frag = bytes_last_frag = bytes;
415 frag_size = bytes + hdr_len;
418 rts_required = (frag_size > ieee->rts
419 && ieee->config & CFG_IEEE80211_RTS);
423 /* When we allocate the TXB we allocate enough space for the reserve
424 * and full fragment bytes (bytes_per_frag doesn't include prefix,
425 * postfix, header, FCS, etc.) */
426 txb = ieee80211_alloc_txb(nr_frags, frag_size,
427 ieee->tx_headroom, GFP_ATOMIC);
428 if (unlikely(!txb)) {
429 printk(KERN_WARNING "%s: Could not allocate TXB\n",
433 txb->encrypted = encrypt;
435 txb->payload_size = frag_size * (nr_frags - 1) +
438 txb->payload_size = bytes;
441 skb_frag = txb->fragments[0];
443 (struct ieee80211_hdr_3addrqos *)skb_put(skb_frag, hdr_len);
446 * Set header frame_ctl to the RTS.
449 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
450 memcpy(frag_hdr, &header, hdr_len);
453 * Restore header frame_ctl to the original data setting.
455 header.frame_ctl = cpu_to_le16(fc);
458 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
459 skb_put(skb_frag, 4);
461 txb->rts_included = 1;
466 for (; i < nr_frags; i++) {
467 skb_frag = txb->fragments[i];
469 if (host_encrypt || host_build_iv)
470 skb_reserve(skb_frag,
471 crypt->ops->extra_mpdu_prefix_len);
474 (struct ieee80211_hdr_3addrqos *)skb_put(skb_frag, hdr_len);
475 memcpy(frag_hdr, &header, hdr_len);
477 /* If this is not the last fragment, then add the MOREFRAGS
478 * bit to the frame control */
479 if (i != nr_frags - 1) {
480 frag_hdr->frame_ctl =
481 cpu_to_le16(fc | IEEE80211_FCTL_MOREFRAGS);
482 bytes = bytes_per_frag;
484 /* The last fragment takes the remaining length */
485 bytes = bytes_last_frag;
488 if (i == 0 && !snapped) {
489 ieee80211_copy_snap(skb_put
490 (skb_frag, SNAP_SIZE + sizeof(u16)),
492 bytes -= SNAP_SIZE + sizeof(u16);
495 memcpy(skb_put(skb_frag, bytes), skb->data, bytes);
497 /* Advance the SKB... */
498 skb_pull(skb, bytes);
500 /* Encryption routine will move the header forward in order
501 * to insert the IV between the header and the payload */
503 ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
504 else if (host_build_iv) {
505 struct ieee80211_crypt_data *crypt;
507 crypt = ieee->crypt[ieee->tx_keyidx];
508 atomic_inc(&crypt->refcnt);
509 if (crypt->ops->build_iv)
510 crypt->ops->build_iv(skb_frag, hdr_len,
511 ieee->sec.keys[ieee->sec.active_key],
512 ieee->sec.key_sizes[ieee->sec.active_key],
514 atomic_dec(&crypt->refcnt);
518 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
519 skb_put(skb_frag, 4);
523 spin_unlock_irqrestore(&ieee->lock, flags);
525 dev_kfree_skb_any(skb);
528 int ret = (*ieee->hard_start_xmit) (txb, dev, priority);
531 stats->tx_bytes += txb->payload_size;
535 ieee80211_txb_free(txb);
541 spin_unlock_irqrestore(&ieee->lock, flags);
542 netif_stop_queue(dev);
547 /* Incoming 802.11 strucure is converted to a TXB
548 * a block of 802.11 fragment packets (stored as skbs) */
549 int ieee80211_tx_frame(struct ieee80211_device *ieee,
550 struct ieee80211_hdr *frame, int hdr_len, int total_len,
553 struct ieee80211_txb *txb = NULL;
555 struct net_device_stats *stats = &ieee->stats;
556 struct sk_buff *skb_frag;
558 int fraglen = total_len;
559 int headroom = ieee->tx_headroom;
560 struct ieee80211_crypt_data *crypt = ieee->crypt[ieee->tx_keyidx];
562 spin_lock_irqsave(&ieee->lock, flags);
564 if (encrypt_mpdu && (!ieee->sec.encrypt || !crypt))
567 /* If there is no driver handler to take the TXB, dont' bother
569 if (!ieee->hard_start_xmit) {
570 printk(KERN_WARNING "%s: No xmit handler.\n", ieee->dev->name);
574 if (unlikely(total_len < 24)) {
575 printk(KERN_WARNING "%s: skb too small (%d).\n",
576 ieee->dev->name, total_len);
581 frame->frame_ctl |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
582 fraglen += crypt->ops->extra_mpdu_prefix_len +
583 crypt->ops->extra_mpdu_postfix_len;
584 headroom += crypt->ops->extra_mpdu_prefix_len;
587 /* When we allocate the TXB we allocate enough space for the reserve
588 * and full fragment bytes (bytes_per_frag doesn't include prefix,
589 * postfix, header, FCS, etc.) */
590 txb = ieee80211_alloc_txb(1, fraglen, headroom, GFP_ATOMIC);
591 if (unlikely(!txb)) {
592 printk(KERN_WARNING "%s: Could not allocate TXB\n",
597 txb->payload_size = fraglen;
599 skb_frag = txb->fragments[0];
601 memcpy(skb_put(skb_frag, total_len), frame, total_len);
604 (CFG_IEEE80211_COMPUTE_FCS | CFG_IEEE80211_RESERVE_FCS))
605 skb_put(skb_frag, 4);
607 /* To avoid overcomplicating things, we do the corner-case frame
608 * encryption in software. The only real situation where encryption is
609 * needed here is during software-based shared key authentication. */
611 ieee80211_encrypt_fragment(ieee, skb_frag, hdr_len);
614 spin_unlock_irqrestore(&ieee->lock, flags);
617 if ((*ieee->hard_start_xmit) (txb, ieee->dev, priority) == 0) {
619 stats->tx_bytes += txb->payload_size;
622 ieee80211_txb_free(txb);
627 spin_unlock_irqrestore(&ieee->lock, flags);
632 EXPORT_SYMBOL(ieee80211_tx_frame);
633 EXPORT_SYMBOL(ieee80211_txb_free);